package SPRING_AUTHZ_MISSING;

public class Vulnerable {
    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .antMatchers(HttpMethod.POST,"/version ").hasAnyRole("ADMIN","USER")
                    .antMatchers(HttpMethod.PUT ,"/admin/*").hasRole("ADMIN")
                    .antMatchers("/setting").authenticated()
                    .and().httpBasic();
        }
}
